Merge pull request #2236 from oasisprotocol/kostko/feature/rofl-scheduler-api-logs

rofl-scheduler: Add API endpoint and route to get logs

Author: kostko

Cargo.lock

@@ -12,18 +12,38 @@ oasis-runtime-sdk-rofl-market = { path = "../runtime-sdk/modules/rofl-market" }
 # Third party.
 anyhow = "1.0.86"
 async_zip = { version = "0.0.17", features = ["deflate", "tokio"] }
-backoff = "0.4"
+axum = "0.8.4"
+axum-extra = { version = "0.10.1", features = ["typed-header"] }
+axum-server = { version = "0.7.2", features = ["tls-rustls"] }
+backoff = { version = "0.4", features = ["tokio"] }
 base64 = "0.22.1"
 bytes = "1.10.1"
+chrono = "0.4.41"
 cmd_lib = "1.9.5"
 hex = "0.4.3"
+# TODO: Use 0.8.0 once released.
+instant-acme = { git = "https://github.com/djc/instant-acme", rev = "5e59869f54e66b7dff8c2c0ea63599fbcc3595af" }
+jsonwebtoken = "9"
 nix = { version = "0.29.0", features = ["signal"] }
 oci-client = "0.14.0"
 qcow2-rs = "0.1.6"
 rand = "0.8.4"
+rcgen = "0.13.2"
 rustc-hex = "2.0.1"
+rustls = "0.23.27"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 sha2 = "0.10.8"
-tokio = { version = "1.38", features = ["rt", "rt-multi-thread", "sync", "time", "macros"] }
+siwe = "0.6.1"
+thiserror = "2"
+tokio = { version = "1.38", features = [
+    "rt",
+    "rt-multi-thread",
+    "sync",
+    "time",
+    "macros",
+] }
 tokio-util = { version = "0.7.14", features = ["compat"] }
+tower = "0.5.2"
+tower-http = { version = "0.6.6", features = ["cors"] }
+x509-parser = "0.17.0"

contract-sdk/specs/access/oas173/Cargo.lock

@@ -1,5 +1,5 @@
 name: rofl-scheduler
-version: 0.1.2
+version: 0.2.0
 repository: https://github.com/oasisprotocol/oasis-sdk
 tee: tdx
 kind: raw
@@ -11,9 +11,9 @@ resources:
     size: 64
 artifacts:
   builder: ghcr.io/oasisprotocol/rofl-dev:v0.1.0@sha256:1d2b77c25811f70219f366153265702417e0e4a08067a68cce4d132e253d7607
-  firmware: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.2/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f
-  kernel: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.2/stage1.bin#02903bd0ddfe1e3552e95767f1be17e801690d73d90bb1e800aa4879ba46c4d7
-  stage2: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.4.2/stage2-basic.tar.bz2#72c84d2566959799fdd98fae08c143a8572a5a09ee426be376f9a8bbd1675f2b
+  firmware: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.5.0/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f
+  kernel: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.5.0/stage1.bin#23877530413a661e9187aad2eccfc9660fc4f1a864a1fbad2f6c7d43512071ca
+  stage2: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.5.0/stage2-basic.tar.bz2#72c84d2566959799fdd98fae08c143a8572a5a09ee426be376f9a8bbd1675f2b
 deployments:
   mainnet:
     app_id: rofl1qr95suussttd2g9ehu3zcpgx8ewtwgayyuzsl0x2
@@ -35,7 +35,11 @@ deployments:
         - id: OW90gvblTearxfeELGeLmV9/95UmSzmH/qCkqzuplFYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
           version: 0.1.1
         - id: lkRxF1Ps6zqhEypa3o8VghPtUHE5PMv4v1dPN54kuZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.1.2
         - id: qegcmpWD7YHForsxaqdAWcou+Njporf2A4tmgNQ2XuIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.1.2
+        - id: uprcd2wbFvXZ7US3vminHlONmOsbaU20Ll/XFn22U4kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+        - id: d8+W9SL9GLSjlox5EahAzQdb/ruz4Qb2al4l9+gsDfUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
       endorsements:
         - any: {}
       fees: endorsing_node
@@ -55,12 +59,6 @@ deployments:
           min_tcb_evaluation_data_number: 18
           tdx: {}
       enclaves:
-        - id: 2OKs276ykwRIRetgtYGQJMOyfI5FyZ861qMvZGgHVikAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-          version: 0.1.0-pre
-          description: Pre-release version of the scheduler
-        - id: gjsdGO/HZda3cpvIVp7se/EAUHf80TCKb60IEJ+ba4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-          version: 0.1.0-pre
-          description: Pre-release version of the scheduler
         - id: PE2TSgy9aMfAmxGIDgMpbjr9ejk2evb2wdzaBEkA4TMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
           version: 0.1.0
         - id: +3Sv/xqzc171KyieVot07v8H7lCGpSqIuaDelVmTE8IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
@@ -70,7 +68,11 @@ deployments:
         - id: akLPdeqNVejSkZ807J4KA8kilCv8noHqZ5KOO5RvCJIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
           version: 0.1.1
         - id: +ZT1Qg8ZVUPS77VTZDFXwqgOnz/TPcWBTX4her22GL4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.1.2
         - id: FvdH6lM8tThmGJNLYf/rC/qzU3VuplyCP5JkZ7RVejUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+          version: 0.1.2
+        - id: 5pgjooS9Su7Ic+qAFhlBLXgVDrwmKUErrSKEOfIXWHYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
+        - id: JronXGA4H36ZRJsNQn0qRpWlinNIb7wvk/MhZqKF1S4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
       endorsements:
         - any: {}
       fees: endorsing_node

contract-sdk/specs/token/oas20/Cargo.lock

@@ -1,27 +1,30 @@
-use std::collections::{BTreeMap, BTreeSet};
+use std::{
+    collections::{BTreeMap, BTreeSet},
+    sync::Arc,
+};
 
 use anyhow::{anyhow, Result};
 use base64::prelude::*;
 
 use oasis_runtime_sdk::{
     cbor,
-    core::common::crypto::{hash::Hash, signature::PublicKey},
-    modules::rofl::app::prelude::*,
+    core::{
+        common::crypto::{hash::Hash, signature::PublicKey},
+        Protocol,
+    },
     types::address::Address,
 };
 use oasis_runtime_sdk_rofl_market as market;
 
-use crate::SchedulerApp;
-
 /// Local configuration key that contains the ROFL scheduler configuration.
 const ROFL_SCHEDULER_CONFIG_KEY: &str = "rofl_scheduler";
 
 /// Raw local configuration as serialized.
 #[derive(Clone, Debug, Default, cbor::Decode)]
-struct RawLocalConfig {
+pub struct RawLocalConfig {
     /// Address of the provider.
     pub provider_address: String,
-    /// Offers that the scheduler should accept.
+    /// Offers that the scheduler should accept. If no offers are configured, all are accepted.
     ///
     /// Each offer identifier is the value of the `net.oasis.scheduler.offer` metadata key.
     pub offers: BTreeSet<String>,
@@ -44,6 +47,24 @@ struct RawLocalConfig {
     pub deploy_pull_timeout: Option<u64>,
     /// A list of node addresses to transfer the instances from.
     pub transfer_instances_from: Vec<String>,
+    /// Domain used to serve the scheduler API endpoint. If not set, the endpoint is disabled.
+    pub api_domain: Option<String>,
+    /// Lifetime of issued JWT tokens for API access (in seconds).
+    pub api_token_lifetime: Option<u64>,
+}
+
+impl RawLocalConfig {
+    /// Create a new raw local config by parsing the CBOR provided by the host.
+    pub fn new(host: Arc<Protocol>) -> Result<Self> {
+        let cfg = host
+            .get_host_info()
+            .local_config
+            .remove(ROFL_SCHEDULER_CONFIG_KEY)
+            .map(cbor::from_value)
+            .transpose()?
+            .unwrap_or_default();
+        Ok(cfg)
+    }
 }
 
 /// Resources.
@@ -109,18 +130,21 @@ pub struct LocalConfig {
     pub deploy_pull_timeout: u64,
     /// A list of node addresses to transfer the instances from.
     pub transfer_instances_from: BTreeSet<PublicKey>,
+    /// Domain used to serve the scheduler API endpoint. If not set, the endpoint is disabled.
+    pub api_domain: Option<String>,
+    /// Lifetime of issued JWT tokens for API access (in seconds).
+    pub api_token_lifetime: u64,
 }
 
 impl LocalConfig {
-    /// Read local configuration.
-    pub fn from_env(env: Environment<SchedulerApp>) -> Result<Self> {
-        let cfg: RawLocalConfig = env
-            .untrusted_local_config()
-            .remove(ROFL_SCHEDULER_CONFIG_KEY)
-            .map(cbor::from_value)
-            .transpose()?
-            .unwrap_or_default();
+    /// Read local configuration from host.
+    pub fn from_host(host: Arc<Protocol>) -> Result<Self> {
+        let cfg = RawLocalConfig::new(host)?;
+        Self::from_raw(cfg)
+    }
 
+    /// Read given raw local configuration.
+    pub fn from_raw(cfg: RawLocalConfig) -> Result<Self> {
         let provider_address = Address::from_bech32(&cfg.provider_address)
             .map_err(|_| anyhow!("bad provider address"))?;
         let allowed_artifacts = cfg
@@ -167,6 +191,11 @@ impl LocalConfig {
             claim_payment_interval_secs: cfg.claim_payment_interval.unwrap_or(24) * 3600,
             deploy_pull_timeout: cfg.deploy_pull_timeout.unwrap_or(60),
             transfer_instances_from,
+            api_domain: cfg.api_domain,
+            api_token_lifetime: cfg
+                .api_token_lifetime
+                .unwrap_or(6 * 3600) // Default to 6 hours.
+                .clamp(60, 7 * 24 * 3600),
         })
     }
 

examples/runtime-sdk/rofl-oracle-tdx/Cargo.lock

@@ -1,39 +1,98 @@
 //! The rofl-scheduler is a ROFL app that acts as the instruction interpreter for the on-chain
 //! control plane implemented by the roflmarket module.
+#![feature(once_cell_try)]
+
+use std::collections::BTreeMap;
+
 use oasis_runtime_sdk::{
-    core::common::{logger::get_logger, process},
+    core::{
+        common::{logger::get_logger, process},
+        Protocol,
+    },
     modules::rofl::app::prelude::*,
 };
 
 mod client;
 mod config;
 mod manager;
 mod manifest;
+mod serverd;
 mod types;
 
-struct SchedulerApp;
+struct SchedulerApp {
+    cfg: Option<Arc<config::LocalConfig>>,
+}
+
+impl SchedulerApp {
+    fn new() -> Self {
+        Self { cfg: None }
+    }
+}
+
+/// Name of the metadata key used to store the endpoint URL.
+const METADATA_KEY_ENDPOINT_URL: &str = "net.oasis.scheduler.api";
 
 #[async_trait]
 impl App for SchedulerApp {
     const VERSION: Version = sdk::version_from_cargo!();
 
-    async fn run(self: Arc<Self>, env: Environment<Self>) {
+    fn init(&mut self, host: Arc<Protocol>) {
         let logger = get_logger("scheduler");
 
-        // Read local coniguration.
-        let cfg = match config::LocalConfig::from_env(env.clone()) {
-            Ok(cfg) => cfg,
+        let cfg = match config::LocalConfig::from_host(host) {
+            Ok(cfg) => Arc::new(cfg),
             Err(err) => {
                 slog::error!(logger, "failed to load configuration"; "err" => ?err);
                 process::abort();
             }
         };
 
-        let manager = manager::Manager::new(env, cfg);
+        self.cfg = Some(cfg);
+    }
+
+    async fn get_metadata(
+        self: Arc<Self>,
+        _env: Environment<Self>,
+    ) -> Result<BTreeMap<String, String>> {
+        let cfg = self.cfg.as_ref().unwrap();
+        let mut meta = serverd::tls::Identity::global()?.metadata();
+        if let Some(api_domain) = &cfg.api_domain {
+            meta.insert(
+                METADATA_KEY_ENDPOINT_URL.to_string(),
+                format!("https://{}", api_domain),
+            );
+        }
+
+        Ok(meta)
+    }
+
+    async fn run(self: Arc<Self>, env: Environment<Self>) {
+        let logger = get_logger("scheduler");
+
+        // Create the manager.
+        let cfg = self.cfg.as_ref().unwrap();
+        let manager = manager::Manager::new(env.clone(), cfg.clone());
+
+        // Start API server when enabled.
+        if let Some(domain) = &cfg.api_domain {
+            if let Err(err) = serverd::serve(serverd::Config {
+                address: "0.0.0.0:443",
+                domain,
+                env,
+                manager: manager.clone(),
+                config: cfg.clone(),
+            })
+            .await
+            {
+                slog::error!(logger, "failed to start API server"; "err" => ?err);
+            }
+        }
+
+        // Start the manager.
         manager.run().await
     }
 }
 
 fn main() {
-    SchedulerApp.start();
+    SchedulerApp::new().start();
 }